SBI Leaks Account Data of Millions of its Customers

Thursday, 31 January 2019

India's largest bank, the State Bank of India (SBI), leaked sensitive customer details such as bank balances and bank account numbers.

According to a TechCrunch report, SBI left one of its servers unprotected, allowing anyone who knew where to look to access data on millions of customers. The unprotected server, hosted in a regional Mumbai-based data centre, stored two months of data from SBI Quick, a text message and call-based system that customers use to request basic information about their bank accounts.

The SBI Quick service is designed for customers who still don’t own a smartphone, and it sends out millions of text messages every day. In addition to housing the most recently dispatched information, the server also retained daily archives covering about a month.

In its post, TechCrunch noted that the unprotected server was a database holding information related to customers' accounts. It showed all of the text messages going to customers in real time, including their phone numbers, bank balances and recent transactions. The database also contained customers’ partial bank account numbers (last four digits).

The database also had daily archives of millions of text messages each, going back to December, giving anyone who accessed it a detailed view into millions of customers’ finances.

SBI has not yet commented on the leak. Moreover, just a couple of days earlier, SBI had alleged the misuse of Unique Identification Authority of India (UIDAI) data. SBI officials had informed the UIDAI that logins and biometrics of their operations had been misused to generate unauthorised Aadhaar cards.